On Thu, Jan 24, 2002 at 02:08:39PM -0500, David Chin wrote:
> >
> > If you don't trust POSIX permissions, well, it's time to give up on *NIX
> > completely, and reformat and install NT.
>
> Um, then why are passwords in /etc/shadow encrypted?

Everything in the shadow group has to be able to read that file. There shouldn't be a whole lot of programs that need to do that, but it's more than in the case of Courier.

Also, it allows the root user to look at the /etc/shadow file without revealing users' passwords. This adds some security if there are users that use the same passwords on all their machines.

Neither of these arguments applies to the webadmin password. It only needs to be readable by a single user, and presumably that user is the one who created the password in the first place.

If a program on your machine is running as root and is somehow tricked into providing others with read access to random files on the machine, the plaintext password could be a problem. Is the likelihood of that happening enough to warrant the extra security? I don't know.

m.
